Chrome SuppressDifferentOriginSubframeJSDialogs setting override using JS?

Question

The Chrome dev team apparently just rolled out a new "feature" called SuppressDifferentOriginSubframeJSDialogs, which makes it so alert+confirm boxes from an iFrame on a different domain than the parent does not show up, by default: https://www.chromestatus.com/feature/5148698084376576

This means if you have an embedded form, and you relied upon the standard JavaScript alert to inform the user of errors (or a confirm to ensure they want to make a change), it now does nothing, completely destroying the UX.

Obviously we can overwrite the built-in alert and confirms with custom ones, but moving away from what is built into the browser now introduces re-designs for every UI (mobile, tablet, laptop, desktop, etc.) instead of just relying upon proven, built-in technology.

Is there a way to change this cross-domain setting, or to whitelist specific domains to override this feature? We do have access to the parent site with an external JS include file (obviously, otherwise this would be a wide-open back door).

Answer 1

To Disable SuppressDifferentOriginSubframeJSDialogs , which block js Dialog box pop up

If you are single users ( Windows ) :

1. Right click on desktop and create a shortcut

2. Windows will pop up a screen and ask you "type the location of the item:"....now paste those value into the textbox

   "C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-features=SuppressDifferentOriginSubframeJSDialogs

3. Click "next" then "finish" button to create the shortcut

4. Now you shall see a chrome shortcut created in your desktop .Close all active Chrome instance ( if exists ) then launch the shortcut and you will found Js pop up wont block anymore.

Tips : If you want push this fix to all your cooperate domain users , you may consider use Domain group policy to update Chrome shortcut value or use custom domain logon script logic to do so

Answer 2

I found a setting in the latest Chrome GPO template that creates a reg entry that will deal with this and the same reg entry placed in the Edge location also resolves the error there. (at least it worked for the problem that came up for us yesterday FWIW)

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Edge] "SuppressDifferentOriginSubframeDialogs"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome] "SuppressDifferentOriginSubframeDialogs"=dword:00000000

The latest Edge GPO templates do not have the setting yet, but I imagine it's only a matter of time.